The Big List of Information Security Vulnerabilities
posted by John Spacey, June 27, 2016

Information security vulnerabilities are weaknesses that expose an organization to risk. Understanding your vulnerabilities is the first step to managing risk.
Employees
1. Social interaction
2. Customer interaction
3. Discussing work in public locations
4. Taking data out of the office (paper, mobile phones, laptops)
5. Emailing documents and data
6. Mailing and faxing documents
7. Installing unauthorized software and apps
8. Removing or disabling security tools
9. Letting unauthorized persons into the office (tailgating)
10. Opening attachments or links in spam and phishing emails
11. Connecting personal devices to company networks
12. Writing down passwords and sensitive data
13. Losing security devices such as id cards
14. Lack of information security awareness
15. Keying data (manual data entry errors)
Former Employees
1. Former employees working for competitors
2. Former employees retaining company data
3. Former employees discussing company matters
Technology
1. Social networking
2. File sharing
3. Rapid technological changes
4. Legacy systems
5. Storing data on mobile devices such as mobile phones
6. Internet browsers
Hardware
1. Susceptibility to dust, heat and humidity
2. Hardware design flaws
3. Out of date hardware
4. Misconfiguration of hardware
Software
1. Insufficient testing
2. Lack of audit trail
3. Software bugs and design faults
4. Unchecked user input
5. Software that fails to consider human factors
6. Software complexity (bloatware)
7. Software as a service (relinquishing control of data)
8. Software vendors that go out of business or change ownership
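Item 4, unchecked user input, is the one entry in this list that can be shown directly in code. The following is an added example, not code from the original article: a hypothetical login lookup against an in-memory SQLite table, written first with user input spliced into the SQL text (the vulnerability) and then with the input bound as a query parameter plus an allowlist check on the username (the fix). The table, the sample users and the injection payload are all constructed for the demonstration.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not from the article).
# Plaintext passwords are used only to keep the example short; a real
# system would store password hashes.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]

# Allowlist for usernames: defence in depth, not a substitute for parameters.
NAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db():
    """Build an in-memory users table from the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_unchecked(conn, name, password):
    """Vulnerable: user input becomes part of the SQL statement itself."""
    sql = (
        f"SELECT name FROM users "
        f"WHERE name = '{name}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_checked(conn, name, password):
    """Hardened: username is allowlisted, both values are bound as parameters."""
    if not NAME_RE.fullmatch(name):
        return False
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def demo():
    """Run both versions with valid credentials and with an injection payload."""
    conn = make_db()
    # Classic tautology payload: turns the WHERE clause into ... OR '1'='1'.
    payload = "' OR '1'='1"
    return {
        "unchecked_valid": login_unchecked(conn, "alice", "s3cret"),
        "unchecked_injected": login_unchecked(conn, "alice", payload),
        "checked_valid": login_checked(conn, "alice", "s3cret"),
        "checked_injected": login_checked(conn, "alice", payload),
    }


if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case}: login {'granted' if granted else 'denied'}")
```

The unchecked version grants the login for the payload because the spliced string rewrites the query's logic; the parameterized version treats the same bytes as an opaque password value and denies it. The allowlist on the username only rejects obviously malformed input and would not save the unchecked query on its own, since the payload here arrives in the password field.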
Network
1. Unprotected network communications
2. Open physical connections, IPs and ports
3. Insecure network architecture
4. Unused user IDs (dormant accounts that are never disabled)
5. Excessive privileges
6. Unnecessary jobs and scripts executing
7. Wifi networks
IT Management
1. Insufficient IT capacity
2. Missed security patches
3. Insufficient incident and problem management
4. Configuration errors and missed security notices
5. System operation errors
6. Lack of regular audits
7. Improper waste disposal
8. Insufficient change management
9. Business process flaws
10. Inadequate business rules
11. Inadequate business controls
12. Processes that fail to consider human factors
13. Overconfidence in security audits
14. Lack of risk analysis
15. Rapid business change
16. Inadequate continuity planning
17. Lax recruiting processes
Partners and Suppliers
1. Disruption of telecom services
2. Disruption of utility services such as electric, gas, water
3. Hardware failure
4. Software failure
5. Lost mail and courier packages
6. Supply disruptions
7. Sharing confidential data with partners and suppliers
Customers
1. Customer access to secure areas
2. Customer access to data (e.g. a customer portal)
Offices and Data Centers
1. Sites that are prone to natural disasters such as earthquakes
2. Locations that are politically unstable
3. Locations subject to government spying
4. Unreliable power sources
5. High crime areas
6. Multiple sites in the same geographical location